In the immediate aftermath of the Spectre and Meltdown attacks, Microsoft created an unusual stipulation for Windows patches: systems would only receive the fixes if they had antivirus software installed and if that antivirus software created a special entry in the registry to indicate that it’s compatible with the Windows fixes.
This was due to the particularly invasive nature of the Meltdown fix: Microsoft found that certain antivirus products manipulated Windows’ kernel memory in unsupported ways that would crash systems with the Meltdown fix applied.

The registry entry was a way for antivirus software to positively affirm that it was compatible with the Meltdown fix; if that entry was absent, Windows assumed that incompatible antivirus software was installed and hence did not apply the security fix.
This put systems without any antivirus software at all in a strange position: they too lack the registry entries, so they’d be passed over for fixes, even though they don’t, in fact, have any incompatible antivirus software.